Closed geoffreyvanwyk closed 3 years ago
No, this package doesn't handle security. But you can easily integrate it with whatever middleware you want.
I created a middleware that compares the Bearer token against the APP_KEY and added it to global middleware (Kernel::middleware):
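```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Http\Response;

class VerifyScimSecret
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        // Strip the "Bearer " scheme prefix; a missing header becomes an empty string.
        $secret = preg_replace('/^Bearer\s+/i', '', (string) $request->header('Authorization'));

        // Read the key through config(): env() returns null once the configuration
        // is cached, and a loose comparison of '' against null would then succeed.
        $expected = (string) config('app.key');

        // Reject empty values explicitly and compare in constant time.
        if ($secret !== '' && $expected !== '' && hash_equals($expected, $secret)) {
            return $next($request);
        }

        return response(null, Response::HTTP_UNAUTHORIZED);
    }
}
```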
When setting up user provisioning for an enterprise application in Azure Active Directory, in addition to the Tenant URL there is also a field for a secret. Does this package already handle securing the endpoints with a secret?